locked
SBS2008 2nd Domain unable to send mail externally but can recieve... RRS feed

  • Question

  • A customer of mine has a SBS2008 box set up that's been running for a few years, recently they added a 2nd domain to their business.  This is something I've set up several times in SBS2003, and worked flawlessly.

    I set up the domain, pointed the MX records to the SBS2008 box, In Exchange Management Opened up Organization > Hub Transport > Added new domain as an Accepted Domain.  Opened up Created a new Email Address Policy, priority 2 (main is priority 1), added the domain.

    Incoming email works just fine.  But if I send an external email nothing happens.  No rejection, No bounce-back... it's like I never sent it.  Tested to 3 external hosts, Hotmail, Yahoo, and my own personal Exchange.  However, if I send a message from external to the 2nd domain, it works fine.  I'm even able to reply to the external from the 2nd domain, and that goes through just fine.  It's only on new email creation from 2nd domain to external.  Primary domain sends/receives just fine.

    The users that are using the 2nd domain, aren't using the primary domain.  I've added the 2nd domain, and made it the primary reply. But left the original primary on the account.

    I don't think I've missed any steps here.  The primary domain has a GoDaddy SSL, that obviously doesn't match the 2ndary domain, but in the past (sbs2003) that's never been an issue, it's always worked.

    With out a bounce back / rejection I'm not sure where to start troubleshooting.


    • Edited by E. Pearia Saturday, May 18, 2013 12:01 AM
    Friday, May 17, 2013 11:59 PM

Answers

All replies

  • I figured out that the server had been set up to send outbound through google postini.  However, they have an encryption product on the server called "paperclip em4".

    So they have assigned a 2nd ip address to the NIC.

    SBS Ip = 192.168.1.3
     which has a send connector that sends it to the 2nd ip address assigned to the nic 192.168.3.5

    This is the ip that the paperclip software listens on.  It has an outbound relay section in it's software where google postini's ip address is configured.

    My question is about the Send Connector in Exchange Console.  Is there a send connector by default, or can I just delete this send connector?  I could easily modify the IP address in this connector from 192.168.1.5 to 192.168.1.3 (the default sbs2008 ip).  Or disable it.

    Postini won't route the sub domains, I'm going to also look into getting that added, but for now just to get it working I'm thinking I'll default send off the SBS for a while, (even if that means disabling the paperclip em4 secure feature for a few days till I can get ahold of that vendor).

    Sunday, May 19, 2013 12:16 AM
  • Ended up being able to add another Organization and Domain in postini.  Once I did this, it would relay that domains email for me just fine.

    I tried to modify the send connector, and other setting to get the sbs box to send the mail, but was unsuccessful.  I'd still be interested in figuring out how to get all the send connector setting back to default so the box sends all outbound email.

    If I figure it out, I'll post it here for reference.

    Sunday, May 19, 2013 1:26 AM
  • Researching, and the changes I made should have allowed the SBS box to send mail... I'm going to test it again after hours this weekend.  I think I'll make a new send connector and try to set it up using "default" values to see if it works.

    Here was the error message I got trying to send off the sbs box when I changed the send connector back to (what I thought was default values).


    __________________________
    Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.

     

    The following organization rejected your message: SBS2008.domain.local.

    Generating server: SBS2008.domain.local

     

    mypersonalemail@hotmail.com SBS2008.domain.local #530 5.7.1 Client was not authenticated ##

    Monday, May 20, 2013 7:14 PM
  • Hi ,

    Thank you for posting your issue in the forum.

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

    Thank you for your understanding and support.

    Best Regards,

    Andy Qi

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Andy Qi
    TechNet Community Support

    Thursday, May 23, 2013 9:30 AM
  • Hi ,

    Thank you for posting your issue in the forum.

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

    Thank you for your understanding and support.

    Best Regards,

    Andy Qi

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Andy Qi
    TechNet Community Support

    Thanks for trying to get assistance.  The original issue was I wasn't able to send from any other domain other than the primary domain.  The reason ended up being, google postini was configured as the outbound sending relay.  In the admin google postini account the other domains had to be added before google would relay them for me.  This issue has been resolved by adding the domains.  I am able to mail like I'd expect.

    However... When I tried to remove google postini and send mail off of the SBS box again I was unable to do so.  I tried to modify the send connector and put it back to "default" settings (being that this is my only remaining sbs2008 box, I copied settings from SBS2011 as they looked the exact same as far as send connector goes), hoping this would again make the sbs box the sending server, however I got the above error that "your message wasn't sent because of security policies".

    This weekend I plan on doing a little more testing, but this time I think I'm going to create a new send connector, and disable the current one, that way it's an easy toggle if I want to pull sending off google back to the sbs.

    With the upcoming transition from postini to google apps, I'm not sure I'm going to like the google apps platform as much as postini, so I may want to pull sending back.

    I really need to find documentation on recreating the Send Connector, and any other related setting that may be modified to change the sending server from mailing...  If the Send Connector is set up to use MX, I don't see any other hops that would cause the security policy error.


    • Edited by E. Pearia Thursday, May 23, 2013 1:59 PM
    Thursday, May 23, 2013 1:57 PM
  • below TechNet article for your reference

    http://technet.microsoft.com/en-us/library/aa998662%28v=EXCHG.80%29.aspx

    http://support.microsoft.com/kb/265293

    Hope they are helpful for you


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    • Marked as answer by Andy Qi Tuesday, June 11, 2013 8:21 AM
    Monday, May 27, 2013 9:16 AM
  • below TechNet article for your reference

    http://technet.microsoft.com/en-us/library/aa998662%28v=EXCHG.80%29.aspx

    http://support.microsoft.com/kb/265293

    Hope they are helpful for you


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Thanks for the articles.  I glanced them over, and will probably reference them when I get some time to try and make a new send connector.

    Tuesday, May 28, 2013 2:20 PM